| Gojomo | |
|
2006-02-13
TinyURLs are evil URLs
TinyURLs are awful, for usability, for stability of reference, and for browsing safety. Please don't use them in wikis, email, or anywhere. The problems:
(A TinyURL competitor, SnipURL, also lets the creator of a short URL modify it in the future -- making it possible to popularize a SnipURL, have it pass manual review, and then change to a problem URL at any arbitrary time in the future.) There is very little information at the sites of TinyURL or its competitors to assess the long-term stability and trustworthiness of these services -- but even if the service were run by a large venerable institution with an impeccable reputation, most of these problems would remain. And other problems would arise, as venerable institutions are subject to social and political pressures that could make them more willing to, for example, censor or redirect certain short URLs. (If the Chinese Communist Party were to demand that a TinyURL to a dissident page get remapped to a state propaganda page, the same large stable institutions most likely to provide long-lived servers are also most likely to comply to authoritarian change requests.) URLs should be naked, as endowed by their creators with the inalienable rights of meaningfulness, transparency, and stability. Friends don't let friends use TinyURLs. Technorati Tags: tinyurl, snipurl, urls, security, linking, spam, malware «»
Comments:
Spam for minorurl deleted. Has same problems as all other such services.
On the URL I tried, it made the URL longer.
'the blogger' -
I don't use TinyURLs, but I am still occasionally put at risk by people who do use them. Hence, the explanation of the problems with TinyURLs. This entry has helped spread the word to people who otherwise don't realize that using TinyURLs can be rude. Do you find anything factually inaccurate about my criticism of TinyURLs?
Tinyurl offer a preview option which presents you with the final destination url - you can use this to decide to continue to the 'hidden' site or not:
http://tinyurl.com/preview.php
Ian said...
Tinyurl offer a preview option which presents you with the final destination url - you can use this to decide to continue to the 'hidden' site or not: http://tinyurl.com/preview.php You can set your preferences to stop at tinyURL's site via cookies. But that doesn't take away from his main concerns, perpetuating a cloaked redirection service where there isn't a need, creates an unnecessary security risk, now and more importantly in the future !
Surely a valid reason for using tinyurl is to hide email addresses on web pages from spam harvesters?
I've looked into various methods; java, encoding etc. but if there is nothing at all a spam bot likes such at the '@' symbol or 'mailto:' then it won't harvest any email addresses from a page which helps combat spam. Or am I missing something?
I think one way to avoid the whole hassle is to use Firefox with NoScript.
Even if you end up at 'wrongful' site, noscript will handle the script issue.
@faith - That's not much of a solution. It means even if I trust the destination site (eg: Google), I can't click links from people who might relay bad links.
Even friends and family members, who I deeply "trust" in real life, don't necessarily know what might be a risky web site. So I couldn't even confidently click TinyURL links from them, under your idea. And your 'judge the sender' idea also doesn't solve the problems with TinyURL's long-term reliability. Faith, that's a damn bad idea!
@johnk: NoScript can help with some security risks.
But, it doesn't save wasted time at a spam site, or undo the fraudulent traffic benefits collected at the destination site. It can't solve the potential TinyURL service reliability issues. And even NoScript can leave one vulnerable to fresh vulnerabilities in browsers or helper apps.
non-tiny URLs can be redirected just as easily as ones from tinyurl.com. Unless you only ever click on links to recognized sites, I don't see how avoiding tinyurl makes you any safer.
xraybox wrote: "...cloaked redirection service where there isn't a need..." -- until every mailer will grab every long URL pasted into it and send it properly (without splitting into multiple lines, for example), and until URLs are intelligible enough that people can easily tell where they lead and short enough to fit into SMS messages (and have room for anything else), there will be a need.
There will be spammers, hackers, and malware writers. Don't punish the honest folk by removing the capability; instead, have them report the bad guys, warn people when they find a rogue URL, tiny or snipped or not, and suggest technological solutions that people will actually use.
The SEO advantages of omitting tiny urls is well documented. HOW does one stop Twitter from automatically truncating? My blog urls are too long for twitter and I lose any SEO benefit posting on twitter. Has anyone created a recipe for this?
If so, email me? Please. ritathejobcoach@gmail.com
I love TinyURL and SnipURL because they make URLs short enough to fit in SMS messages, and SnipURL even allows giving it a recognizable name. I've never been redirected to a spam or porn site, but then again, I neither feel a pathological need to click on every URL I see nor get bent out of shape if I end up somewhere I don't want to be. I also have a Mac, so I don't have to worry quite so much about Trojans, malware, etc. And as far as SnipURLs maybe going away, so do long ones -- the Web is not cast in bronze; live with it. In any case, the rant about TinyURL/SnipURL strikes me as FUD, grumpiness, or both. I have better things to worry about, and *much* better things to do than type or cut and paste 150-character URLs. (Does anyone wonder what URL someone ran through TinyURL that got *longer*, and think that whoever did so must be unclear on the concept...?)
Post a Comment
|
News and opinion on technology, culture, business, politics, and the hidden meaning of it all.
About Gordon Mohr
|
RSS Feed
